Key downloading method, management method, downloading management method, device and system

Active Publication Date: 2016-01-28
FUJIAN LANDI COMML EQUIP CO LTD

AI Technical Summary

Benefits of technology

The present invention provides a method for remotely downloading master keys from a server to a device terminal, which avoids the need for concentrated downloading and distribution. This allows for direct distribution to deployed sites, reducing the need for a fixed machine room. The technical effect is improved efficiency and flexibility in key management.

Problems solved by technology

Every POS terminal shares an exclusive TMK with the TMS and must be provided with security protection to ensure that the TMK can only be written into the device and participate in the calculation and cannot be read; the TMK is a critical root key; if the TMK is intercepted, the working key is easily cracked, which seriously endangers the payment security of the bank card.
1. Manual clear-text input solution: the TMS generates the TMK in clear text, which is then manually entered directly into the PIN PAD of the POS terminal. This solution has a very large security hole: the operator can easily intercept the TMK clear text; manual input errors are possible; and a great number of devices need their corresponding TMKs entered one by one. Usually, to enhance security, the TMK varies with the POS, which generates complicated and huge management costs and workloads.
2. IC card cipher text import solution: the TMK is stored in the IC card after being generated by the TMS. The IC card holder sets the PIN to protect the TMK in the IC card. When the TMK is imported into the POS terminal, the TMK is imported into the PIN PAD after the PIN is entered through the PIN PAD of the POS terminal. For this solution, management personnel are required to insert the IC cards and set the PIN one by one when the TMS generates the POS terminal. To import the TMK into the POS terminal, the PIN must also be entered manually. PIN leakage may still result in leakage of the TMK. In addition, huge management costs and workloads are generated when a great number of POS terminals employ this solution.
3. Local key parent POS solution: in the current payment industry, local key downloading is usually employed, and the master keys downloaded to the financial POS terminal must be downloaded locally to ensure secure downloading. This means that the financial POS terminals must be moved into the security machine room of the management center and physically connected with the key parent POS there; management personnel then download the master key from the key parent POS, the terminals are distributed to the deployed sites, and the working keys are downloaded remotely under the master keys.
The machine room of the maintenance center bears a huge workload; after delivery, the devices must be moved to the security room of the management center to download the keys and are then distributed to the merchants, so transport costs rise.
Downloading the keys centrally requires a great amount of labor and working time; the maintenance cost is high and the maintenance cycle is long.
This solution has the following defects: the TMS cannot verify the identity of the POS terminal, so it cannot prevent a fake terminal from connecting to the TMS to download the TMK; and the POS terminal cannot verify the identity of the TMS, so it cannot prevent a fake TMS background from downloading a fake TMK.

Embodiment Construction

[0038]The technical contents, structural characteristics, fulfilled objectives, and effects of the present invention are described in detail with reference to the embodiments and attached drawings.

[0039]The definitions of the abbreviations and key terms involved in the present invention are described first:

[0040]Symmetric key: both data sending and receiving parties must have identical keys to perform encryption and decryption algorithms on the clear text. Symmetric key encryption algorithms mainly include: DES, 3DES, IDEA, FEAL, BLOWFISH.

[0041]Non-symmetric keys: A non-symmetric encryption algorithm needs two keys: a public key and a private key. The public key and the private key are a pair. If the data is encrypted by using the public key, then only the corresponding private key can implement the decryption; if the data is encrypted by the private key, then only the corresponding public key can implement the decryption. Two different keys are used to implement the encryption and decrypt...

Abstract

Disclosed is a key downloading management method, comprising: a device end authorizing the validity of an RKS server by checking a digital signature of a work certificate public key of the RKS server, and the RKS server generating an authentication token (AT); encrypting by using an identity authentication secondary key DK2 of the device end, and sending the ciphertext to the device end; the device end decrypting the ciphertext by using the identity authentication secondary key DK2 saved thereby, encrypting the ciphertext by using the work certificate public key and then returning same to the RKS server; the RKS server decrypting same by using a work certificate private key thereof and then comparing whether the authentication token (AT) is the same as the generated authentication token (AT) or not, and if so, it is indicated that the device end is valid, thereby achieving bidirectional identity authentication.
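
The exchange described in the abstract, as an added Node.js example (not code from the patent or from the applicant). The algorithm choices, the 16-byte AT, the root key pair and every function name are assumptions, and the abstract's second "ciphertext" is read here as the AT the device has just recovered.

```javascript
// Added illustration (not the patent's code) of the Abstract's two-way authentication.
// Assumed: RSA-2048, SHA-256 signature by a trusted root, RSA-OAEP, AES-256-GCM, 16-byte AT.
const crypto = require('crypto');
const rsa = () => crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
// Symmetric layer keyed by DK2. Blob layout: iv(12) || tag(16) || ciphertext.
function dk2Encrypt(dk2, plain) {
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', dk2, iv);
  const ct = Buffer.concat([c.update(plain), c.final()]);
  return Buffer.concat([iv, c.getAuthTag(), ct]);
}
function dk2Decrypt(dk2, blob) {
  const d = crypto.createDecipheriv('aes-256-gcm', dk2, blob.subarray(0, 12));
  d.setAuthTag(blob.subarray(12, 28));
  return Buffer.concat([d.update(blob.subarray(28)), d.final()]); // throws on wrong DK2
}
// RKS server: create a fresh AT and send it encrypted under the terminal's DK2.
function rksChallenge(dk2) {
  const at = crypto.randomBytes(16);
  return { at, challenge: dk2Encrypt(dk2, at) };
}

// Device: verify the signature on the work public key, then answer the challenge.
function deviceRespond(rootPub, dk2, workPubDer, workSig, challenge) {
  if (!crypto.verify('sha256', workPubDer, rootPub, workSig)) return null; // fake server
  try {
    const at = dk2Decrypt(dk2, challenge);
    const workPub = crypto.createPublicKey({ key: workPubDer, format: 'der', type: 'spki' });
    return crypto.publicEncrypt({ key: workPub, oaepHash: 'sha256' }, at);
  } catch { return null; } // challenge was not encrypted under this device's DK2
}

// RKS server: decrypt the reply and compare it with the issued AT in constant time.
function rksVerify(workPriv, at, reply) {
  try { // a null reply makes privateDecrypt throw, which is treated as a failure
    const got = crypto.privateDecrypt({ key: workPriv, oaepHash: 'sha256' }, reply);
    return got.length === at.length && crypto.timingSafeEqual(got, at);
  } catch { return false; }
}

// One run. signer signed the work key; trustedRoot is the root the device trusts.
function runExchange(trustedRoot, signer, serverDk2, deviceDk2) {
  const work = rsa();
  const workPubDer = work.publicKey.export({ type: 'spki', format: 'der' });
  const workSig = crypto.sign('sha256', workPubDer, signer.privateKey);
  const { at, challenge } = rksChallenge(serverDk2);
  const reply = deviceRespond(trustedRoot.publicKey, deviceDk2, workPubDer, workSig, challenge);
  return { deviceReplied: reply !== null, terminalAuthenticated: rksVerify(work.privateKey, at, reply) };
}
```

Passing a different `signer` than `trustedRoot` models a fake server, and passing a `deviceDk2` that differs from `serverDk2` models a fake terminal; in both cases the run ends without the terminal being authenticated.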

Description

TECHNICAL FIELD

[0001]The present invention relates to the field of electronic payment, in particular to a key downloading method, management method, downloading management method, device, and system.

DESCRIPTION OF THE RELATED ART

[0002]Bank cards as a payment tool have become more and more popular. Usually, a bank card payment system includes a POS terminal (Point of Sales), a TMS (Terminal ManageSystem), a PIN PAD, and an HSM (Hardware and Security Module). Wherein, the POS terminal is a device which can receive the bank card information, has a communication function, and receives the teller's order to complete the financial transaction information and the related information exchange; the TMS system is a system of centralized management and transaction handling that performs centralized management on the POS terminal, including parameter downloading, key downloading, receiving, handling or transferring of transaction requests of the POS terminal, and feeds back the trading result i...

Application Information

IPC(8): H04L9/30, H04L9/32
CPC: H04L9/3247, H04L2209/72, H04L2209/24, H04L9/30, H04L63/062, H04L63/0807, H04L9/0825, H04L9/0836, H04L9/32, H04L9/3265, H04L2209/56
Inventors: YAO, CHENGYONG; PENG, RONGSHOU; MENG, LUQIANG
Owner: FUJIAN LANDI COMML EQUIP CO LTD